AMENDMENT TO THE CLAIMS

The listing of claims will replace all prior versions, and listings, of claims in the
application:
Listing of Claims:

1. (Currently Amended) In a network system that includes a first computer system
network connectable to a second computer system, the first computer system capable of
encrypting data, a method of the first computer system encrypting data so as to guard against
eavesdropping and brute force attacks, the method comprising the following:

an act of securely negotiating a master secret with the second computer system for
a plurality of data packets to be transmitted from the first computer system to the
second computer system;

an act of generating a random bit sequence for each data packet, the random bit
sequence being different for each data packet;

an act of including the random bit sequence, for each data packet, into a seed to
generate a random seed that is different for each data packet;

for each data packet, an act of inputting the master secret and the random seed
corresponding to each data packet into a key generation module to generate a
corresponding key, such that the corresponding key is different for each data packet;

for each data packet, an act of using the corresponding key to encrypt the
corresponding data packet; and

for each data packet, an act of including the encrypted data packet and the
corresponding random seed in a data structure that is transmitted from the first computer
to the second computer.

2. (Original) A method in accordance with Claim 1, wherein the data structure is
a data packet, the method further comprising an act of transmitting the data packet in accordance
with a protocol.

3. (Original) A method in accordance with Claim 2, wherein the data packet
includes a Security Parameter Index in accordance with the Encapsulating Security Payload
(ESP) protocol.



4. (Cancelled). 

5. (Original) A method in accordance with Claim 2, wherein the protocol 
comprises an unconfirmed push protocol. 

6. (Original) A method in accordance with Claim 5, wherein the unconfirmed 
push protocol comprises User Datagram Protocol (UDP). 

7. (Original) A method in accordance with Claim 1, further comprising an act of 
negotiating a parameter expiry with the second computer system, the parameter expiry indicating 
the lifetime of the master secret. 

8. (Original) A method in accordance with Claim 7, wherein upon expiration of 
the lifetime of the master secret, performing an act securely renegotiating a master secret with 
the second computer system. 

9. (Original) A method in accordance with Claim 1, wherein the second 
computer system comprises a wireless device. 

10. (Original) A method in accordance with Claim 1, wherein the act of 
generating a random bit sequence is performed by a cryptographically secure random number 
generator. 

11. (Original) A method in accordance with Claim 1, further comprising an act of
including, in the random seed, a bit sequence that represents the current time. 

12. (Original) A method in accordance with Claim 1, wherein the random seed is
at least 96 bits. 

13. (Currently Amended) A computer program product for use in a network system
that includes a first computer system network connectable to a second computer system, the
computer program product for implementing a method of the first computer system encrypting
data so as to guard against eavesdropping and brute force attacks, the computer program product
comprising a computer-readable medium having stored thereon the following:

computer-executable instructions for performing an act of securely negotiating a
master secret with the second computer system for a plurality of data packets to be
transmitted from the first computer system to the second computer system;

computer-executable instructions for performing an act of generating a random bit
sequence for each data packet, the random bit sequence being different for each data
packet;

computer-executable instructions for performing an act of including the random
bit sequence, for each data packet, into a seed to generate a random seed that is different
for each data packet;

computer-executable instructions for performing, for each data packet, an act of
inputting the master secret and the random seed corresponding to each data packet into a
key generation module to generate a corresponding key, such that the corresponding key
is different for each data packet;

computer-executable instructions for performing, for each data packet, an act of
using the corresponding key to encrypt the corresponding data packet; and

computer-executable instructions for performing, for each data packet, an act of
including the encrypted data packet and the corresponding random seed in a data
structure that is transmitted from the first computer to the second computer.

14. (Original) The computer program product as recited in Claim 13, wherein the 
computer-readable medium is a physical storage medium. 

15. (Currently Amended) In a network system that includes a first computer system
network connectable to a second computer system, the first computer system capable of
encrypting data, a method of the first computer system encrypting data so as to guard against
eavesdropping and brute force attacks, the method comprising the following:

an act of securely negotiating a master secret with the second computer system; 

a step for generating a H jfr^nt encryption k e y for enr.h spending dat a 
r<M *n> trotted h-—- ,he first and <*-.mr,d computer systems, using the master 
secret and the-aJifjergjLrandom seed for each data packed that Uiu mm t or nrrnt m ri 
k u y aro diffi u ul t fu i a j i oavocdropp o r to idontify ; 

an act of nrinr thr MfF "^ ' T P™**" kevs encrvpt ""^^ 
packct s tl i o key to encrypt d nt n ; and 

an act of Hiefe^lBr^tir^me encrypted data packet* tp the secor»d computer 
^ m .ar.h data t ~*f tr-nsmittcd with -asd-the djf£renLrar.dom seed thatwas 
t» f merate the encryption key ^ nrcpnnding to each data paqk sjin a data atruoture. 

16. (Original) A method in accordance with Claim 15, wherein the data structure 
is a data packet, the method further comprising an act of transmitting the data packet in 
accordance with a protocol to the second computer system. 

17. (Cancelled). 

18. (Original) A method in accordance with Claim 16, wherein the protocol 
comprises an unconfirmed push protocol. 

19. (Original) A method in accordance with Claim 18, wherein the unconfirmed 
push protocol comprises User Datagram Protocol (UDP). 

20. (Original) A method in accordance with Claim 15, wherein the second
computer system comprises a wireless device. 






Application No. 00/76U73
Amendment "A" dated November 4, 2004
Reply to Office Action mailed August 23, ZW*

21. (Original) A method in accordance with Claim 15, further comprising an act
of including, in the random seed, a bit sequence that represents the current time.

22. (Original) A method in accordance with Claim 15, wherein the step for 
generating a key using the master secret and the random seed comprises the following: 

an act of generating a random bit sequence;

an act of including the random bit sequence in a seed to generate the random seed;
and

an act of inputting the master secret and the random seed into a key generation
module to generate a key.

23. (Currently Amended) In a network system that includes a first computer system
network connectable to a second computer system, a method of the second computer system
decrypting a data packet that was transmitted to the second computer system by the first
computer system, the data packet being encrypted so as to guard against eavesdropping and brute
force attacks, the method comprising the following:

an act of securely negotiating a master secret with the first computer system;

an act of receiving a plurality of encrypted data packets from the first computer
system, wherein the first computer system encrypts every data packet with a different key
based on a different random seed, such that each encrypted data packet received by the
second computer system is encrypted with a different key based;

an act of reading a random seed from at least one of the data packets received
from the first computer system, the random seed including a random bit sequence
generated by a random number generator;

an act of inputting the master secret and the random seed into a key generation 
module to generate a key; and 

an act of using the key to decrypt the data packet. 



24. (Original) A method in accordance with Claim 23, wherein the data packet 
includes a Security Parameter Index in accordance with the Encapsulating Security Payload 
(ESP) protocol. 

25. (Cancelled). 

26. (Original) A method in accordance with Claim 23, wherein the data packet is 
received using an unconfirmed push protocol. 

27. (Original) A method in accordance with Claim 26, wherein the unconfirmed
push protocol comprises User Datagram Protocol (UDP). 

28. (Original) A method in accordance with Claim 23, further comprising an act
of negotiating a parameter expiry with the first computer system, the parameter expiry indicating
the lifetime of the master secret.

29. (Original) A method in accordance with Claim 28, wherein upon expiration
of the lifetime of the master secret, performing an act securely renegotiating a master secret with
the first computer system.

30. (Original) A method in accordance with Claim 29, wherein the second 
computer system comprises a wireless device. 

31. (Original) A method in accordance with Claim 23, wherein the random seed 
includes a bit sequence that represents the current time. 

32. (Original) A method in accordance with Claim 23, wherein the random seed 
is at least 96 bits. 

33. (Currently Amended) A computer program product for use in a network system
that includes a first computer system network connectable to a second computer system, the
computer program product for implementing a method of the second computer system
decrypting a data packet that was transmitted to the second computer system by the first
computer system, the data packet being encrypted so as to guard against eavesdropping and brute
force attacks, the computer program product comprising a computer-readable medium having
stored thereon the following:

computer-executable instructions for performing an act of securely negotiating a
master secret with the first computer system;

computer-executable instructions for performing an act of d u ct i ng the reocipt of
j. Jiitu select frnm Hi. fii t — receiving a plurality of encrypted data
packets from the first computer system, wherein the first computer system encrypts every
data packet with a different key based on a different random seed, such that each
encrypted data packet received by the second computer system is encrypted with a
different key based;

computer-executable instructions for performing an act of reading a random seed
from at least one of the data packets received from the first computer system, the random
seed including a random bit sequence generated by a random number generator;

computer-executable instructions for performing an act of inputting the master 
secret and the random seed into a key generation module to generate a key; and 

computer-executable instructions for performing an act of using the key to 
decrypt the data packet. 



34. (Original) A computer program product in accordance with Claim 33, 
wherein the computer-readable medium is a physical storage medium. 

35. (Currently Amended) In a network system comprising a plurality of server
computer system connectable through a network with a plurality of client computer systems, the
network system comprising the following:

a server computer system configured to securely negotiate a master secret with a 
client computer system, generate and include a random bit sequence in a seed to generate 
a different random ~ * ^ ™™ ™*« to he transmilH between the client 
™ m nuter systems, input the master secret and the^aefcrandom seed into a server-side 
key generation module to generate a djgjgcjrtjce y for every dafr T™*« > use ^SS^k^ 
to encrypt a-thecojr^apndjn^data packets, and transmit the data packets to the client 
computer system; and 

the client computer system, the client computer system further configured to
receive the data packets from the server computer system, read the different random seed
from Ae-each data packet, input the master secret and fl ^each different random seed into 
a client side key generation module to generate Hte£&aoL keys, and todecrypt the 
corresponding data packets.
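
The per-packet keying recited in claims 1 and 23, with the time-bearing 96-bit seed of claims 11 and 12, as an added example that is not part of the application. Assumptions: HMAC-SHA256 stands in for the unnamed key generation module, an HMAC counter-mode keystream stands in for the unnamed cipher, and the integrity tag and the names `seal` and `open_packet` are additions not recited in the claims.

```python
import hashlib
import hmac
import secrets
import struct
import time

SEED_LEN = 12  # 96 bits: 4-byte timestamp + 8 CSPRNG bytes (claims 10-12)

def make_seed(now=None):
    """Fresh per-packet seed: current time plus a random bit sequence."""
    ts = int(time.time() if now is None else now) & 0xFFFFFFFF
    return struct.pack(">I", ts) + secrets.token_bytes(SEED_LEN - 4)

def derive_keys(master_secret, seed):
    """Assumed key generation module: HMAC-SHA256(master_secret, label || seed)."""
    enc = hmac.new(master_secret, b"enc" + seed, hashlib.sha256).digest()
    mac = hmac.new(master_secret, b"mac" + seed, hashlib.sha256).digest()
    return enc, mac

def _keystream(key, length):
    """Stand-in cipher (assumption): HMAC-SHA256 over a block counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(master_secret, plaintext, now=None):
    """Sender side (claim 1): packet = seed || ciphertext || tag."""
    seed = make_seed(now)
    enc, mac = derive_keys(master_secret, seed)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, len(plaintext))))
    tag = hmac.new(mac, seed + ct, hashlib.sha256).digest()  # added, not claimed
    return seed + ct + tag

def open_packet(master_secret, packet):
    """Receiver side (claim 23): read seed, re-derive key, verify, decrypt."""
    if len(packet) < SEED_LEN + 32:
        raise ValueError("packet too short")
    seed, ct, tag = packet[:SEED_LEN], packet[SEED_LEN:-32], packet[-32:]
    enc, mac = derive_keys(master_secret, seed)
    expected = hmac.new(mac, seed + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, len(ct))))
```

Because the seed travels in the clear, secrecy rests entirely on the master secret; the tag lets the receiver reject a packet whose seed or ciphertext was altered in transit.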